Date:       Wed, 22 Sep 93 16:24:31 EST
Errors-To:  Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From:       Computer Privacy Digest Moderator  <comp-privacy@PICA.ARMY.MIL>
To:         Comp-privacy@PICA.ARMY.MIL
Subject:    Computer Privacy Digest V3#044

Computer Privacy Digest Wed, 22 Sep 93              Volume 3 : Issue: 044

Today's Topics:				Moderator: Dennis G. Rears

         PHONEBUSTER wants help combatting telemarketing fraud
                                Re:  ANI
                       Re: Something to Consider
               Finding out the Caller's Number (was ANI)
              Re: Finding out the Caller's Number (was ANI)
                              Health card

   The Computer Privacy Digest is a forum for discussion on the
  effect of technology on privacy.  The digest is moderated and
  gatewayed into the USENET newsgroup comp.society.privacy
  (Moderated).  Submissions should be sent to
  comp-privacy@pica.army.mil and administrative requests to
  comp-privacy-request@pica.army.mil.
   Back issues are available via anonymous ftp on ftp.pica.army.mil
  [129.139.160.133].
----------------------------------------------------------------------

Date: Tue, 21 Sep 93 22:22:28 PDT
From: Kelly Bert Manning <ua602@freenet.victoria.bc.ca>
Subject: PHONEBUSTER wants help combatting telemarketing fraud
Reply-To: ua602@freenet.victoria.bc.ca



I posted this article in can.general. Can you have a look at it to
see whether you feel the information has any relevance to claims that
capture of phone numbers by ANI could not result in anything more
harmful that a few tele-marketing calls?
    
In a previous article, ua602@freenet.Victoria.BC.CA says:
>
>Both the CTV and CBC TV stations in Vancouver, BC aired news stories about
>"you have won" telemarketing fraud schemes this evening. A national
>PHONEBUSTER operation has been set up in North Bay, Ontario to gather
>information about what Better Business Bureau spokeperson Valerie Maclean
>described as a "Billion Dollar" fraud.
>
>The phonebuster number is (705) 495-3899, and is attempting to gather
>information to lay charges against the operators of these boiler room
>operations. Ms. Maclean described these telephone solicitors as being
>very convincing out of work actors, and this description was backed up
>by the recordings of their pitches broadcast by both stations.
>
>Older people, particularly owners of small businesses, seem to be the
>favoured target of these frauds. Their addresses and phone numbers seem
>to have been captured earlier when they responded to direct mail ads
>for keychains and pens printed with the name of their businesses in a
>direct mail version of the same type of fraud.
>
>One of the victims shown had sent $18,000, but seemed convinced that he
>would get at least $100,000, perhaps as high as $250,000 back. Others had 
>thrown away $600, $3,210, or been asked to pay $3,500 for "Goods and
>Services Tax", "Freight", or "registration".
>
>The CBC report said that 90% of these frauds operate out of Quebec,
>with the only real address being a vacant commercial mail drop. The
>Quebec operations only call out of province to avoid attracting the
>attention of the local police, a pattern that is apparently copied from
>similar scams in the US. One of the major operators was described as 
>going by the name "Great Dane".
>
>There have been 1,500 complaints so far, but police feel that this is just
>the tip of the iceberg and that most victims don't report it because they
>are embarrassed to have sent such large sums of money away on the basis of
>a phone solicitation that seems so stupid in hindsight. Anyone who has been
>victimized by this scam and has information is asked to call phonebusters.
    
    
    

------------------------------

From: Conrad Kimball <cek@sdc.boeing.com>
Newsgroups: comp.society.privacy
Subject: Re:  ANI
Date: 22 Sep 93 06:49:51 GMT
Organization: Boeing Computer Services (ESP), Seattle, WA


In article <comp-privacy3.35.2@pica.army.mil> john@zygot.ati.com (John Higdon) writes:
>Conrad Kimball <cek@sdc.boeing.com> writes:
>
>> With reverse directories and such, it's trivial to map a phone number to
>> a name and address.  Thus, they are essentially equivalent.
>
>All the verbage aside, this is what seems to bother you a great deal.
>Tell me, why is it that you seem to feel it so threatened that an entity
>that you call who pays for that call know who you are? You know who
>they are. I assume you are calling to transact some sort of business.
>Do you typically enter into business relationships maintaining your
>anonymity? If the call is for product inquiry, are you embarassed that
>someone might know that you inquired?

No, I don't feel threatened.  On the other hand, the business typically
has no need to know who I am, and I'm not inclined to tell them, either.

Who pays for the facilities is irrelevant; when I walk into a store, the
owner certainly is paying for the facilities, but that in no way gives
him (or his staff) a right to know who I am.  They _invite_ the public
(me) into their premises by the very act of opening for business and
advertising.  As such, it is axiomatic that I know who the business
is, though in all but rare cases I haven't a clue as to the personal
identities of the owner or the staff.  Conversely, the business has
no need to know my personal identity; certainly not just for product
inquiries.  I suppose a business _could_ legally condition entry to
their premises by asking for ID, but I doubt they'd find that an
effective way to stay in business.

Publishing an 800 number is to me analogous to having an electronic
storefront - the business has _invited_ me in, presumably to acquire
my business.  Of _course_ the business pays for the facilities - it's
a way to attract more customers than it would get with a non-800 number.
The business _chooses_ to have the 800 number, anticipating that it
will generate more revenue than expenses.  The mere fact that the
business pays for it gives it no special right to know who calls the
800 number anymore than owning the store gives it the right to know
who walks in the door.

Yes, I quite routinely transact business in an anonymous fashion
(at least, as much as I can - some transactions such as real estate
simply aren't easily done anonymously).

No, I'm not embarassed about making product inquiries, I just don't
think the business has any need to know who is inquiring.  They might
well _like_ to know, but that's their problem, not mine.  If they want
to sell to me, part of the cost of doing business is responding to
product inquiries, whether in person or by telephone.  As above, I see
800 numbers as an electronic substitute for in-person inquires - in
neither case do I expect to have to show ID.

BTW, your choice of words ("embarassing") is embarassingly close to the
"if you've got nothing to hide, you have nothing to fear" shibboleth.

>These are personal questions that I am asking here. I would appreciate
>it that if you decide to answer that you not bring up irrelevancies
>such as "the public" or anyone else. We are just talking between the
>two of us. I am interested in YOUR reasons for having an abhorrance for
>letting a business that YOU elect to contact know anything at all about
>the person doing the contacting.

I see no need for them to know a thing about me.  I walk in, pick up
what I want, and pay cash.  What more can they expect?

Of _course_ businesses like to know more about their customers; that's
the basis for a lot of consumer surveys, and all that.  And I turn
them down, too.

>The custom and usage of caller anonymity, a legacy of the limited
>technology of the past, will die hard. As the knee-jerk reactions to
>anything that threatens the status quo subside, we may all eventually
>look back on this era with great amusement.

When do you think the custom of anonymous grocery buying, a "legacy of
the limited technology" of the present, will die out?  Should it?  Why?

(Perhaps you routinely present ID whenever you walk into a store?
You don't?!?  I'm shocked!!  After all, they are paying for the
facilities, you know...)

All the verbage aside, the idea that you might have to pay for an
anonymous caller seems to bother you a great deal.  Tell me, why is
it that you seem to feel it so threatened that an entity that calls
you knows your business (the business, not you personally) while
remaining personally anonymous to you?

Seems to me like you could eliminate your problem by simply not having
an 800 number.  Why won't this work for you?  Perhaps you've _chosen_
to structure your business upon an accident of technology (ANI), and
you are simply loath to see such a fundamental (to you, anyway) business
assumption challenged?  If so, well, that's just too bad for you.
Businesses find their underlying assumptions challenged all the time,
and have to adapt or perish.
-- 
--
Conrad Kimball        | Client Server Tech Services, Boeing Computer Services
cek@sdc.cs.boeing.com | P.O. Box 24346, MS 7A-35
(206) 865-6410        | Seattle, WA  98124-0346

------------------------------

From: Conrad Kimball <cek@sdc.boeing.com>
Subject: Re: Something to Consider
Date: 22 Sep 93 07:11:32 GMT
Organization: Boeing Computer Services (ESP), Seattle, WA


In article <comp-privacy3.36.4@pica.army.mil> abc@arl.army.mil (Brinton Cooper) writes:
>
>Notice how she slipped in "(it is happening now)" near the end of the
>posting.  A key point in the ANI debate on this forum is whether "it" is
>happening or not.  If corporations are collecting ANI data and using it
>for nefarious reasons, let's have at least one concrete example, rather
>than a litany of what "could" happen.  Let's not suggest legislating as
>illegal acts which haven't yet been observed.

While it may be a reasonable general principle to avoid legislating
against acts that haven't occured (the law books could get _very_
large!), there remain legitimate situations where proactive or
preemptive legislation or regulation has great value.

Typically these are situations where, in the judgement of the legislators
or regulators, the potential risk of a negative result outweighs the
expected benefits, or at least outweighs the costs of a "go slow"
approach.

Well known examples include: the FDA procedures instituted after the
thalidomide fiasco; regulations governing genetic engineering;
nuclear power plant regulations; and others I'm sure you can name.

I think the basic principle of proactive regulation is well accepted.
The question to be debated is whether this particular situation (ANI)
is of a nature to justify proactive regulation.

I'm not sure how I'd decide, but I confess to leaning towards proactive
regulation of how businesses can use personal information they gather
in the course of business.  Why?  Probably because the damage to
individuals, should it occur, will likely be exquisitely hard to
pinpoint and prove.  (This is the problem that is conveniently
ignored by those who argue "we don't need regulations - if you're
damaged, sue 'em".)  Of course scoflaw businesses could ignore the
regulations, but I'm perhaps naive enough to believe that most would
abide by the regs.
-- 
--
Conrad Kimball        | Client Server Tech Services, Boeing Computer Services
cek@sdc.cs.boeing.com | P.O. Box 24346, MS 7A-35
(206) 865-6410        | Seattle, WA  98124-0346

------------------------------

From: Craig Wagner <craig.wagner@his.com>
Reply-To: craig.wagner@his.com
Date: Wed, 22 Sep 1993 10:06:51
Subject: Finding out the Caller's Number (was ANI)

  BC> From:  Brinton Cooper <abc@arl.army.mil> Newsgroups:
  BC> comp.society.privacy 

  BC> FACT 1:  The recipient of an 800 knows the number from which every
  BC> such 	call was made.

Perhaps it's poorly stated, but the above is not true.  I believe the
author meant to say that the recipient of an 800 number call has the
ability, if they acquire the necessary technology and understanding of
it, to know the number fromwhich every such call is made?  But I know
people (my parents) who have an 800 number, and have no idea who's
calling them when the phone rings.

(and other than this, I agree that this debate has gone on beyond much of any
useful purpose)

------------------------------

From:	John Macdonald <jmm@elegant.com>
Date:	Wed, 22 Sep 1993 14:39:03 -0400
Subject:  Re: Finding out the Caller's Number (was ANI)

|| "david.g.lewis" <deej@cbnewsf.cb.att.com> estimates the cost of
|| providing ANI-blocking and ANI-blocked-call-blocking

David cost estimates sound pretty good, with two exceptions.

He assumes that there would be no change in the number of calls
if it were implemented.

First, the lost revenue for the non-completed call will not always
be lost.  After getting a reject, the caller will choose whether
they wish to call again without blocking ANI.  In this case, there
will just be the cost of the failed connection.

Second, it presumes that there would not be any additional calls
made that otherwise wouldn't.  Given the assurance that their
number will *not* be automatiucally provided, there could be
extra calls made by people who just don't call for casual business
purposes for fear of having their number collected and misused.

Off-hand, I doubt that there are many instances today of people
choosing not to call 800 numbers out of this fear.  It is possible
that this number could rise sharply whenever the first mass media
publicized use of collected phone number lists occurs.

-- 
That is 27 years ago, or about half an eternity in | John Macdonald
    computer years.        - Alan Tibbetts         |   jmm@Elegant.COM

------------------------------

From: Carl A Slenk <slenk@hal.emba.uvm.edu>
Subject: Health card
Organization: University of Vermont, EMBA Computer Facility
Date: Wed, 22 Sep 1993 16:50:34 GMT

On the news last night H. Clinton mentioned a " National
Health Security Card". Anyone have any details?

-- 
Carl A. Slenk             |  "A computer lets you make more mistakes faster
slenk@hal.emba.uvm.ed     |   then any other invention with the possible
University of Vermont     |   exceptions of handguns and Tequila" -
My opinions;get your own  |            Mitch Ratcliffe

------------------------------


End of Computer Privacy Digest V3 #044
******************************